Bot Management for Travel

Netacea’s revolutionary bot management technology is helping organisations throughout the vast sectors of the travel industry, to identify and mitigate malicious bot threats.

Our technology goes beyond distinguishing between human and bot, to focus on understanding the traffic’s intent; gauging whether the bots are good or bad. We then feed actionable intelligence to your team, while automatically prioritising genuine users in real-time and preventing unwanted bot traffic

Working with Netacea has strengthened our overall cybersecurity posture. In partnership with the Netacea team, we can now inspect automated traffic in real-time and make informed decisions about the mitigation action we want to take.

- Head of Cyber Security

The Impact of Bad Bots in Travel

Bots are used to hoard inventory in various areas of the travel industry. For instance, bots are programmed to carry out a flight reservation up until the point of payment. This reserves the seats for up to 20 minutes, during which time real customers perceive there to be no availability and the perpetrator attempts to sell the seats on for a profit.

Once the website has cleared the basket of the held reservation a new bot will pick up that availability and repeat the process until the inventory is successfully sold.

Travel sites are frequently affected by aggregation services that use scraping bots to discover and publicise the availability of products or services such as flights, hotels or car rentals. Threat actors advertise the scraped information at lower price points on a secondary site.

The aggregators are motivated by the financial rewards of charging commissions, stealing personal data or generating advertising revenue.

Our data scientists have observed travel sites with 90% scraper bot traffic, which inevitably impacts top line revenue, bottom line profits and customer experience. The complexity and range of web scrapers hitting every website requires a sophisticated solution that quickly and accurately collects information and identifies patterns for the successful mitigation of automated threats.

Account takeover (ATO) attacks are carried out using fake account creation and credential stuffing techniques, to give attackers access to customer accounts holding valuable items such as membership points and frequent flyer miles that can be sold-on for a profit.

As loyalty points in travel are often only checked a handful of times a year there is a huge window of opportunity for the threat actor before the genuine customer realises points have been stolen.

This has a double-edged impact on the targeted travel company who must refund the points to the legitimate customer and pay for the goods or service that the threat actor has received using the stolen loyalty points.